1. Technical Field
The present invention relates generally to the field of computer software and, more specifically, to methods of protecting users' passwords in a global sign-on system.
2. Description of Related Art
As computers have permeated society over the past several decades and become more important in all aspects of modern life, more and more confidential information has been stored in computer databases. However, computers and networks such as the Internet allow multitudes of users to access those databases. Often multiple databases may be accessed via the same network, but not all users on the network need, or should have, access to every database. Therefore, security mechanisms have been implemented to prevent unauthorized access to a database.
One method of preventing unauthorized access is to require the user to provide user identification information to verify that the user is entitled to the information contained in the database. Thus, many database applications require a user to provide identification information, such as a user ID and password, in order to access a protected database. These applications may have this information fixed within the application (i.e., "hard coded"), the application may be configured with the information, or, in some cases, the application may prompt the user for this information at run time.
However, databases are not the only computer resources requiring a user to provide identifying information. Other resources such as servers and networks may also require users to provide identifying information. Because different resources have different security requirements and because some resources assign identities rather than allowing a user to choose, many users may have multiple identities depending on the particular resource that they are accessing. The database identity is yet another one that the user must maintain.
Global Sign-on (GSO) technology manages this set of multiple identities on behalf of a user so that the user only needs to maintain a single user identity. The user then allows the GSO to manage the other identities automatically whenever the user attempts to access a particular protected resource. The GSO technology stores all of the user's passwords in a centralized database. However, since passwords are confidential, the GSO server uses a "master key" to encrypt the users' passwords before it stores them, and it uses the same "master key" to decrypt a user's passwords after it retrieves them from the database and before it sends them to the GSO client.
The confidentiality of the "master key" is protected only by the Access Control List (ACL) on the machine where the GSO server is installed. Using a single master key ensures the confidentiality of the passwords in storage, but this has at least three disadvantages. First, a compromise of the server's master key will possibly lead to compromise of all the target passwords of all GSO users, since every stored password is decryptable with that one key. Second, if the integrity of the master key is destroyed, all the users' passwords in the GSO database become unusable, because none of them can be decrypted any longer. Third, if there is a requirement that the GSO databases be accessible by other applications, the users' passwords cannot be used by these applications, because they do not hold the master key needed to remove the encryption. Therefore, a flexible encryption scheme for GSO target passwords, and a method that supports this scheme in the existing GSO architecture, is desirable.
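The single-master-key arrangement described above, and the first two disadvantages, can be made concrete with a small model of the GSO server's password store. The following Go program is an added example written for this page; it is not code from the patent or from any GSO product. It assumes AES-256-GCM as the encryption algorithm and a "user/target" label bound as associated data, neither of which the page specifies; the 32-byte key and the two user records are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is one encrypted target password as kept in the GSO database:
// the GCM nonce plus the ciphertext (which carries the authentication tag).
// This storage format is an assumption of the example, not the page's.
type Record struct {
	Nonce      []byte
	Ciphertext []byte
}

// GSOStore models the GSO server: one master key protects every user's
// target passwords in a centralized map keyed by "user/target".
type GSOStore struct {
	masterKey []byte
	DB        map[string]Record
}

func NewGSOStore(masterKey []byte) (*GSOStore, error) {
	if len(masterKey) != 32 {
		return nil, errors.New("master key must be 32 bytes (AES-256)")
	}
	return &GSOStore{masterKey: masterKey, DB: map[string]Record{}}, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPassword encrypts one target password under key. The "user/target"
// label is bound as associated data so a record cannot be silently moved
// from one user or target to another.
func sealPassword(key []byte, label, password string) (Record, error) {
	g, err := newAEAD(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := g.Seal(nil, nonce, []byte(password), []byte(label))
	return Record{Nonce: nonce, Ciphertext: ct}, nil
}

func openPassword(key []byte, label string, r Record) (string, error) {
	g, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	pt, err := g.Open(nil, r.Nonce, r.Ciphertext, []byte(label))
	if err != nil {
		return "", fmt.Errorf("cannot decrypt %q: %w", label, err)
	}
	return string(pt), nil
}

// Store encrypts and saves one user's password for one target resource.
func (s *GSOStore) Store(user, target, password string) error {
	label := user + "/" + target
	r, err := sealPassword(s.masterKey, label, password)
	if err != nil {
		return err
	}
	s.DB[label] = r
	return nil
}

// Retrieve is what the server does before sending a password to the GSO client.
func (s *GSOStore) Retrieve(user, target string) (string, error) {
	label := user + "/" + target
	r, ok := s.DB[label]
	if !ok {
		return "", errors.New("no record for " + label)
	}
	return openPassword(s.masterKey, label, r)
}

// DecryptAll shows the first disadvantage: anyone holding the master key
// (for example, taken from the server host) recovers every password of every
// user from a copy of the database; no per-user secret stands in the way.
// It returns the recovered passwords and the number of records it could not open.
func DecryptAll(db map[string]Record, key []byte) (map[string]string, int) {
	out := map[string]string{}
	failures := 0
	for label, r := range db {
		pw, err := openPassword(key, label, r)
		if err != nil {
			failures++
			continue
		}
		out[label] = pw
	}
	return out, failures
}

// CorruptKey flips one bit of the key, modelling the second disadvantage:
// once the master key's integrity is lost, every stored password is useless.
func CorruptKey(key []byte) []byte {
	bad := append([]byte(nil), key...)
	bad[0] ^= 0x01
	return bad
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, never do this in production
	s, _ := NewGSOStore(key)
	_ = s.Store("alice", "db2", "s3cret-alice")
	_ = s.Store("bob", "ldap", "s3cret-bob")
	all, _ := DecryptAll(s.DB, key)
	fmt.Println("with the master key:", len(all), "passwords recovered")
	_, failed := DecryptAll(s.DB, CorruptKey(key))
	fmt.Println("with a corrupted key:", failed, "records unusable")
}
```

Running the program recovers both passwords with the genuine key and fails on both records with the one-bit-corrupted key, which is exactly the all-or-nothing property the text objects to: a single key is both a single point of compromise and a single point of loss.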